<?php
/**     
  *
  * Copyright (c) 2009, Persistent Systems Limited
  *
  * Redistribution and use, with or without modification, are permitted 
  *  provided that the following  conditions are met:
  *   - Redistributions of source code must retain the above copyright notice, 
  *     this list of conditions and the following disclaimer.
  *   - Neither the name of Persistent Systems Limited nor the names of its contributors 
  *     may be used to endorse or promote products derived from this software 
  *     without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 
  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 
  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
/**
 *  For getting methods related to HTTP headers
 */ 
require_once 'util/HttpHelper.php';
/**
 *  For getting properties and methods related to Token  Validations
 */
require_once 'ACS/TokenValidator.php';
/**
 * Class ValidateClaimUtil for validating token 
 * @access public
 */
class ValidateClaimUtil
{


	/**
	`* This function validates the claims
	 * @static
	 * @param array $requiredClaims It is the array of required claims 
	 * @param string $acs_trusted_service It is the service name 
	 * @param string $acs_trusted_audience It is the name  of trusted audience
	 * @param string $acs_trusted_signing_key It is the of trusted signing key
	 * @return boolean 
	 */
	public static function ValidateClaims($requiredClaims,$acs_trusted_service,$acs_trusted_audience,$acs_trusted_signing_key)
	{
			
			$authHeader = HttpHelper::getAutherizationHeader();
			$tokenValidator = new TokenValidator($acs_trusted_service, $acs_trusted_audience, $acs_trusted_signing_key, $authHeader);
			if (!$tokenValidator->validate($authHeader))
			{
				header('HTTP/1.1 401 Access Denied');   
				header('Content-type: text/html');   
				exit;
			}

			// Get associated claims as name-value pair collection
			$claims = $tokenValidator->getClaims();
			//checking required claims are set or not
			$cntRequiredClaims = count($requiredClaims);
			$cntClaims         = 0;
			foreach ($requiredClaims as $K => $V) {
				foreach ($claims as $k => $v){
					if(($K == $k) && ($V == $v)){
					
						$cntClaims++;
						break;
					}
				}
			}

			if($cntRequiredClaims == $cntClaims){

				return true;

			}else {

				return false;
			}

			
    
	}



}